WailingCrab malware, which originates from threat actor TA544, uses delivery-themed emails to infect hosts. It then deploys a backdoor that allows the C2 server to send more payloads. The malware uses MQTT, a lightweight messaging protocol, having switched from Discord to MQTT for stealth and detection evasion. Components of the malware are stored on platforms like Discord.

New GitHub Actions Attack Chain Uses Fake CI Updates to Exfiltrate Secrets and Tokens
A new attack campaign is actively targeting open-source repositories on GitHub by carefully disguising malicious code as completely routine CI build configuration updates. The campaign,


